Malware Analysis Report

2025-01-19 00:30

Sample ID 240508-zzfwssab53
Target https://surryk12ncus-my.sharepoint.com/:f:/g/personal/ha122105_student_surry_k12_nc_us/EkLA8CS76xxCt48qpy-FHS4BC2gR4d5_AiBp9y-roPrS6g?e=CBg1fD___.YXAzOm50cDphOm86NWI3MGQ5ZmM3MjMyZDQ4M2IyNmJhMGQ4OWU2YmY1ODk6NjpkYTVjOjMxZmM4NmFmMjUxNjlmYjNjOWZlMGZkZjZhZDFjZmRlOTdhOTYzOGUyYjkzMTU2Yjg3MTA2ZTgyYzkwZDUyZTc6aDpU surryk12ncus-my.sharepoint.com
Tags
link pdf
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

Threat Level: Likely benign

The file https://surryk12ncus-my.sharepoint.com/:f:/g/personal/ha122105_student_surry_k12_nc_us/EkLA8CS76xxCt48qpy-FHS4BC2gR4d5_AiBp9y-roPrS6g?e=CBg1fD___.YXAzOm50cDphOm86NWI3MGQ5ZmM3MjMyZDQ4M2IyNmJhMGQ4OWU2YmY1ODk6NjpkYTVjOjMxZmM4NmFmMjUxNjlmYjNjOWZlMGZkZjZhZDFjZmRlOTdhOTYzOGUyYjkzMTU2Yjg3MTA2ZTgyYzkwZDUyZTc6aDpU surryk12ncus-my.sharepoint.com was found to be: Likely benign.

Malicious Activity Summary

link pdf

HTTP links in PDF interactive object

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of FindShellTrayWindow

Suspicious use of SendNotifyMessage

Suspicious use of WriteProcessMemory

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-08 21:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-08 21:09

Reported

2024-05-08 21:11

Platform

win10v2004-20240508-en

Max time kernel

148s

Max time network

149s

Command Line

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://surryk12ncus-my.sharepoint.com/:f:/g/personal/ha122105_student_surry_k12_nc_us/EkLA8CS76xxCt48qpy-FHS4BC2gR4d5_AiBp9y-roPrS6g?e=CBg1fD___.YXAzOm50cDphOm86NWI3MGQ5ZmM3MjMyZDQ4M2IyNmJhMGQ4OWU2YmY1ODk6NjpkYTVjOjMxZmM4NmFmMjUxNjlmYjNjOWZlMGZkZjZhZDFjZmRlOTdhOTYzOGUyYjkzMTU2Yjg3MTA2ZTgyYzkwZDUyZTc6aDpU surryk12ncus-my.sharepoint.com

Signatures

HTTP links in PDF interactive object

pdf link
Description Indicator Process Target
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A
N/A N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1448 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4904 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4916 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 4764 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
PID 1448 wrote to memory of 3980 N/A C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

Processes

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://surryk12ncus-my.sharepoint.com/:f:/g/personal/ha122105_student_surry_k12_nc_us/EkLA8CS76xxCt48qpy-FHS4BC2gR4d5_AiBp9y-roPrS6g?e=CBg1fD___.YXAzOm50cDphOm86NWI3MGQ5ZmM3MjMyZDQ4M2IyNmJhMGQ4OWU2YmY1ODk6NjpkYTVjOjMxZmM4NmFmMjUxNjlmYjNjOWZlMGZkZjZhZDFjZmRlOTdhOTYzOGUyYjkzMTU2Yjg3MTA2ZTgyYzkwZDUyZTc6aDpU surryk12ncus-my.sharepoint.com

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8ace946f8,0x7ff8ace94708,0x7ff8ace94718

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2200 /prefetch:2

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2864 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Windows\System32\CompPkgSrv.exe

C:\Windows\System32\CompPkgSrv.exe -Embedding

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3932 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe

"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,16746631916427193890,8432704732758425560,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1296 /prefetch:2

Network

Country Destination Domain Proto
US 8.8.8.8:53 surryk12ncus-my.sharepoint.com udp
US 13.107.136.10:443 surryk12ncus-my.sharepoint.com tcp
US 8.8.8.8:53 shell.cdn.office.net udp
US 8.8.8.8:53 res-1.cdn.office.net udp
DE 23.56.207.123:443 shell.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 10.136.107.13.in-addr.arpa udp
US 8.8.8.8:53 17.160.190.20.in-addr.arpa udp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
SE 2.21.96.97:443 res-1.cdn.office.net tcp
US 8.8.8.8:53 123.207.56.23.in-addr.arpa udp
US 8.8.8.8:53 97.96.21.2.in-addr.arpa udp
US 8.8.8.8:53 43.58.199.20.in-addr.arpa udp
US 8.8.8.8:53 surryk12ncus.sharepoint.com udp
US 8.8.8.8:53 r4.res.office365.com udp
SE 184.31.15.227:443 r4.res.office365.com tcp
US 8.8.8.8:53 login.microsoftonline.com udp
IE 20.190.159.23:443 login.microsoftonline.com tcp
IE 20.190.159.23:443 login.microsoftonline.com tcp
US 8.8.8.8:53 config.fp.measure.office.com udp
US 13.107.6.163:443 config.fp.measure.office.com tcp
US 8.8.8.8:53 227.15.31.184.in-addr.arpa udp
US 8.8.8.8:53 23.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 163.6.107.13.in-addr.arpa udp
US 8.8.8.8:53 mobile.events.data.microsoft.com udp
US 20.189.173.25:443 mobile.events.data.microsoft.com tcp
US 8.8.8.8:53 browser.events.data.microsoft.com udp
US 20.189.173.4:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 25.173.189.20.in-addr.arpa udp
US 8.8.8.8:53 4.173.189.20.in-addr.arpa udp
US 20.189.173.25:443 mobile.events.data.microsoft.com tcp
N/A 224.0.0.251:5353 udp
US 20.189.173.4:443 browser.events.data.microsoft.com tcp
US 8.8.8.8:53 c21ed143f8eb6740484956b99528a371.fp.measure.office.com udp
NO 52.97.229.178:443 c21ed143f8eb6740484956b99528a371.fp.measure.office.com tcp
US 8.8.8.8:53 outlook.office365.com udp
GB 40.99.213.34:443 outlook.office365.com tcp
US 8.8.8.8:53 178.229.97.52.in-addr.arpa udp
US 8.8.8.8:53 tr-ooc-acdcatm.office.com udp
GB 40.99.213.50:443 tr-ooc-acdcatm.office.com tcp
US 8.8.8.8:53 eastus1-mediap.svc.ms udp
US 13.107.136.10:443 eastus1-mediap.svc.ms tcp
US 8.8.8.8:53 upload.fp.measure.office.com udp
US 8.8.8.8:53 50.213.99.40.in-addr.arpa udp
US 8.8.8.8:53 34.213.99.40.in-addr.arpa udp
US 8.8.8.8:53 res.cdn.office.net udp
US 13.107.136.10:443 eastus1-mediap.svc.ms tcp
US 8.8.8.8:53 77.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 m365cdn.nel.measure.office.net udp
US 8.8.8.8:53 spo.nel.measure.office.net udp
US 2.18.190.76:443 spo.nel.measure.office.net tcp
US 2.18.190.81:443 spo.nel.measure.office.net tcp
US 8.8.8.8:53 81.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 76.190.18.2.in-addr.arpa udp
US 8.8.8.8:53 surryk12ncus-my.sharepoint.com udp
US 8.8.8.8:53 19.229.111.52.in-addr.arpa udp
US 8.8.8.8:53 res-1.cdn.office.net udp
US 8.8.8.8:53 136.71.105.51.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 4158365912175436289496136e7912c2
SHA1 813d11f772b1cfe9ceac2bf37f4f741e5e8fbe59
SHA256 354de4b033ba6e4d85f94d91230cb8501f62e0a4e302cd4076c7e0ad73bedbd1
SHA512 74b4f7b24ad4ea395f3a4cd8dbfae54f112a7c87bce3d286ee5161f6b63d62dfa19bb0d96bb7ed1c6d925f5697a2580c25023d5052c6a09992e6fd9dd49ea82b

\??\pipe\LOCAL\crashpad_1448_FZMIFDIVMBFOAHJH

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512 cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5 ce4c898f8fc7601e2fbc252fdadb5115
SHA1 01bf06badc5da353e539c7c07527d30dccc55a91
SHA256 bce2dfaa91f0d44e977e0f79c60e64954a7b9dc828b0e30fbaa67dbe82f750aa
SHA512 80fff4c722c8d3e69ec4f09510779b7e3518ae60725d2d36903e606a27ec1eaedbdbfac5b662bf2c19194c572ccf0125445f22a907b329ad256e6c00b9cf032c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 0a62f0c7a9a560174f4056149a67dd51
SHA1 a06b3373d5386dc7ccd690728beecd12d5ba00b1
SHA256 325ff60847701cbe2432a8e7127ca88cc0347a1aace0094119662959d5da3a71
SHA512 d8d2de047a7070d47abcbb593e19f51ecf845c73071aaddcc1bb5d552bf7fe2d3ff414ffbd894b52dbf8032ff13aa9aa2235540bc79a14db17e10a0e5ed7d0de

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

MD5 46295cac801e5d4857d09837238a6394
SHA1 44e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA256 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA512 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

MD5 206702161f94c5cd39fadd03f4014d98
SHA1 bd8bfc144fb5326d21bd1531523d9fb50e1b600a
SHA256 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167
SHA512 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

MD5 98fe3ba16ba8779afc30cda92c9858c5
SHA1 4126c952feaaaff3ea1bb3a585ae34fffc698144
SHA256 8fc7dfa32d714d588052c86667c0d03b5672c788a03aae06f57ae886f8176dc0
SHA512 7c2c66e3df2919f879951fa2141129c5e35642127b86cd136a0345050e62dfa2826b08d8028f23d8ce9ba4fb2249632c99960ce72b76c72c8cfa6a5f606363c2

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 b59930d8cf371991801f5b7fe375e2f9
SHA1 df7557693eb84aeb3792543fe606eddac2b83e66
SHA256 f16f513b89491da01672a3d8cb3ef9d3f296178a50ac80edc482c6d4cff98f98
SHA512 1ab9d4e80416a7f8b63cb1b318bf62e523bc048ef248a444886f609a916ebde6e3047865df5fc811fc3349aadca92f7ba5e7fbad108c6b895e71014c1cc10354

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 453eca678d7d014ae0e2f7252922810c
SHA1 cb187138072698ec44b826f70f0e9d12ec343a16
SHA256 3e2cf523cc3ade32df45ffdfc13f76fe78dd3703604eb02568fabb1e1e0c23cb
SHA512 f31d2f88254231aef0d2a968ae3bed9d3749c8a7e5b5a6c72dbff3c97ed21a9593719acf9fa00382046da2f44413c4a86c09027d02d165227efd5c43c9629a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe579616.TMP

MD5 f941c2354d63eaca1f5bbff468bb9107
SHA1 8071df9fe21ecbe534900ef26d442d820871f43d
SHA256 3d6efc2cea881243c104ea579baa378f0401a129372c83f0add07104c2742748
SHA512 0fe369809d68970d3029456554117ff344a1468c3b51ed0603ae6b920cf657de910c42a0b137e3e43e40d007d732d329468b5ab53beb3519afa74e7e91a2cf07

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

MD5 c7db0cd4fcee4ddd97aa66970f8507b6
SHA1 d21e1324ba83fe5806d4e30b199ff53cf5f8d5b7
SHA256 40037e8fa235edbd4031fcc96fec516117d057060044bb1889d5404cdedd228d
SHA512 8ff4201192466124f141fc8037ba94edc1523116a86a4b494f8308791badf1f77f7bcac49701bc89149b4b9cb871c4779815b0e9e0049ddda81010dd952dbd33

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57a095.TMP

MD5 8620710656b495b9cf1b07c5daebc227
SHA1 6fa57d5cdb166c38c92e420da41264d364aa0fea
SHA256 501a21e55029b4226328351aa977e35f0c68f791fd8710d5e1af2a4dd2f1168d
SHA512 48e76b4c6f5a7aa02d922f42963b5133697ec2aac47190189d5712b2bcb5c0171406e45aedd266d62e1eeebff2dab9c5649c146894b3f6ea6fe16c1bc182d023

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 a0bc752364d20ca962dd07c08d676641
SHA1 17baa102178371dd21a1c506876944f828501d9e
SHA256 921b52c370d7d81f6441d627428c1a65833f2dd98db946ed9f4d9abfb8382a6e
SHA512 f7af38a51cb73afda1eb925eeec013318f5b5d3b31e2405e663d05d27bc75ccd3b6046735b674522396cf0c05d613d3262ba29ff1ad8a3ce825a338a8c424916

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 7453307244384c25ac2140267e0c95ad
SHA1 e1303573e3f9a67bcf5033e1d016267796e24981
SHA256 c565006ed61edd9f71e12d17b5d8883c214b2841b06c9c987b518e3f685ef941
SHA512 3b073a6778b6dad07fb98d1b46d56256cf9d4d4d3779ef62d5a9be8a0357e9fd408f9203eb52d733e275a6c64777ae0b6142d4d33dcd376d89b7a2b87b490154

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 8e0a51632e3e82ab1201e6965cdaaac2
SHA1 72df31e4021684f72986beb1ca8b59ea91f01a6d
SHA256 7801acb103c3d85f3083133031c213305821df1adb72137104c74467507eedbd
SHA512 d308cfe4db382ef1452b352d35bd50269688f79b3417cebf0957ad6a29bc0373b131b34c617842aea9d59b89994c121c0db88eecc7df6d3597718b5c7027b5c8

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt.tmp

MD5 e2949fd4f804744e540d0adf20ed0705
SHA1 0ea2d01a9c7c6919748e055f3f239836c63cd05e
SHA256 39d5ae94ac0fe1996bcffefd8f5502dba7bcf955b1fcef2f1a07673d362ac3d4
SHA512 9d9fef6eb7c8155f3f0b87238c8160f65b5494349fe45d97b2287c8203acf563608c8e78d1ab882867cce0f1767be30f4a33aa8de59644d6dfe76b195f536b80

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 42c5c8558da5dbac24d4fb21712c2cb2
SHA1 b276bf51780aa1653ee5cb9cd61908b4cd41a051
SHA256 55e41409ce9f98225889ca7310fc11a7a1d37bfd0a4621637bb8a87d07425324
SHA512 ed5d49faec24fbb87ed10ccf34cb51efd442377733f3c42f740b58227de33b1122a278fc0c0ad96af5dea6166abdcda2d8e0f8af1486312de363a79da5672ee6

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 59d9aa5a3b9f01823bcb566e57e18f07
SHA1 1d47715e07baee6b9b00c3e313a9e08132ff394a
SHA256 2d635e25fd70aba3bef3bcee60d69e018385bac0fbc0361be20a26b5b16f8335
SHA512 e313b775ddcc0f26ec724e9324e0a3583ba7ccc900152a450874672f29fcc1b535c2f416d65fcb6d2f0b83eb8b70df6dfb02beb8b13ac19290e59b9709d8f011

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

MD5 8c75a2c6ca90de8e8c5a577fad5fa8dc
SHA1 7401fa1fa1d88c68ed0e1054d050534ee53a9681
SHA256 d382628253728d1fbc9095a5e5f5d318e79433920430da5fa2e9c424ec094fd8
SHA512 d12f4ad412671417a9a83e60deab1620e3cd112d55d0ac8ebd5eb5a846bf3f8c490741bfdc0c6b2e169b7146ba3244b7b6cd69a0c2d0fcde2fcd1cfb0ba057aa

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\todelete_7a48c130a6a40c0e_0_2

MD5 2213ad59650d990b82d43b75279bf059
SHA1 0fc33741c667e0cd052827aca9d3561f3da63960
SHA256 6d72200ea923e909662f89d85c400a76f5f4814ed749f1c860a05bcae05eafe5
SHA512 13a814d92fe390f68591e03dfea876df9b716b5c85ca770fef38cfcad70e1cbe61ac91a5796b403ef1a42d0a490937977d866ae4d9dd6c01d673a5c2193ea3ba

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\todelete_7a48c130a6a40c0e_1_2

MD5 a8ee7d4943510bdddd082b6cd8415f98
SHA1 dc09980ed5603d1a6344b6237bd684481251d172
SHA256 836e17eb0cece75947db8d0dea98e95797e55f5b20808e39cc360bf753ce684c
SHA512 8fad4fd9514ab97efb64d616deee2de9124ebe9c10fe6ba3b16f749e7874796238ce391e098a3f3fb8c7a803751ee3ac5569155182642f97e0a0666ff8d15cb3

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 a9f873a9c9fd9d4933db280ada22f7e4
SHA1 d6d8f78fd03cdfe2653c416c6c2bc7d728df0a19
SHA256 6e189365270d3e706df8355c501d8983ab0434222e42f142881f299303638c8f
SHA512 f5e488e87286f8f83271cb674390c193d1b6b438c70d3f0f8d5d17df41ad9a148e46a5895ff801f32b5e15221c270094cdf8be87bf9164f7f2ebc4f486ad7b41

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000113

MD5 6fb3b46e7749d652927d02202936f21e
SHA1 3453183286ccbe2d57876ea324f0237d3cdac85c
SHA256 f5d2674bf7b76ae31be361f2d00dd172c6d10f03052c0b1a302ac6972b1d0527
SHA512 8b13f0c7f34f92c4d47c409733c2be1493f46c015c801a47aec943ecd95df69527e345ee66df0cb4bcb50c9bfb64a480533a549a6cba1f91983a73503dfba2d7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 b3f42b41f4c1bc0da8d750b606e91ecc
SHA1 2a783edb99e86f96806b48313b4717fac5d98432
SHA256 51d957c53a373215a099c1fa4714e83699484779db3c6486f44df7d1a6e5fe40
SHA512 5753874c9588143d09b8bc3657c2f750256cdac6dce62cb3e5580652c1b2434938d3e1a04617ab48827eab8cf8b0065673f3579c4aa9ac74c2568544b9020258

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 ada0bfda0877b18a30b9d74a2c73f034
SHA1 92e4e17ee62f14682425273b2414f6e6c4d4b6e2
SHA256 80dcf840be2549e7c490587714aed7540679464eea3694c7daabfb2ffd385cc2
SHA512 e78cb69ba1e1ab2c2779ba17001d1756a561b314413f8aa338362c17c63a07bfb22c54c8fc74f2ba3755812f3ef48434b8deaad97b2370c95ed73c9fac9f7052

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\ffbf7624-031f-448d-a14d-a8b0a8fc6a61\index-dir\the-real-index~RFe5816bf.TMP

MD5 70b87248db6b29cabbab139166841fe0
SHA1 f2887986a5a0ad23f3ac19752babeac5f61f30dc
SHA256 9578a6f7a802ae23e4f62844c75f71bafd5a7eb23c799be6066b77015ec31fc3
SHA512 af08dbfe237bb55068057d8062449516e3149d04039475a890eaeace1ba9e7f69da064bc7a303a659c68f5f416449f09b148023db1a74d6e955d4922f41b34ec

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\ffbf7624-031f-448d-a14d-a8b0a8fc6a61\index-dir\the-real-index

MD5 593493b56102369795cdff2baf9c7db8
SHA1 a0346c7d7ca1be7368360a6bde003f03e89e5321
SHA256 decde7512ede4dfe1ae68e0efa04e5ef84aa58c0b82a273af0115a192c070ae8
SHA512 baac626f2a74480a6246f8f574da44176f0298c4a5e39adde1ec196f9b8e0651811aa4f36a6d1b949e9ecaa1dbb6c75685f567cb95f6a176f019b076b883ba10

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\8336c0d7-af3f-42ed-af77-5b219e7e9778\index-dir\the-real-index~RFe58267e.TMP

MD5 4b0c695625d405be57efb4d61f2a3cd7
SHA1 0a39fa5914037b131404907391ffc6e92ff39497
SHA256 6b1e70b69827ebe7c9ce10fdea5585d257d35139403004b46bbf8e359258474d
SHA512 fa1bbab88ca0d4a6ed6bb7ff3ec5b6eafbf828eecba85c971f03f7cfa78e0c0d5fc765f38f8f16bc3abf255654cc59f507e72195a25cd9bcf16c89c849016fe9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\8336c0d7-af3f-42ed-af77-5b219e7e9778\index-dir\the-real-index

MD5 3e67179b33517e560bcf69b51503c5a2
SHA1 5d0415f978529f2d71f9d319213fb60ecf8c5935
SHA256 b4ea33b0cda39dd1db2e3324e4a3a4a0b732eeb0d220f99c075ad93d0a124d75
SHA512 20831e9ded7cd71151851cb14c5723a310a5e868cd0816cb5b7539c924b1f2c1f8be762b2b57944339759443eb7b2e4e32c90b2a9218e15ed5be22730767255e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 97f049ee2acd5fbecad7d3fbabf06238
SHA1 d505aae1f521503e09df819f6f56507cea225ea5
SHA256 33569f78aae5774b375c9d7053766ed82281e80325166a72cafe825a4773945d
SHA512 f572a7710774cb6fa9c0c6534593e5d7bc99878da3084149c42fa09bcf810f91a5142cd1d05768ee44799804129d3e7926d8c2b86451c65b0cbd6f2a4bf1534a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\index-dir\the-real-index~RFe585530.TMP

MD5 fe8c33805b6887b1c067b29e755691bc
SHA1 9fc99dd2427ae6ef884d978929216f2a0cdc85c3
SHA256 b91a62cd305a4c81a4a17aa53199d72329f9819063c8910c03a6beab6584b639
SHA512 22a9066ef9f5216466ff2f131ec36e295c8f5ce31514bfc3a8e33336bdb0b17c268b33d15bc4a14cecf3ea6788203a9aa5af322c41a515899824b70ee887aea4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\index-dir\the-real-index

MD5 c98621c1d90d01945759f30dd0393cd3
SHA1 ea646db55f84728418380937443be12aefbf041e
SHA256 366a98cff9bf3a2ae0444325acb95b0011542a8ec099038be557d8d9356d9f3d
SHA512 d7f001358a46014acf12c1bd94053248139b8c7d69139e0717cfad95b9744464df21b87ed2218553ada8545ace3d80208fd42b21ebd4a7c62498d8c4fafbf69c

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 04f0e5b54fcb5947b57706d0edfbef21
SHA1 6bba3cbf37e8519c01b343e53c3751912bbe4874
SHA256 331bc858a03ed6de81ed90c4f6bf5499c85abaefccb380abe600a21113b15a6d
SHA512 9e8ecc1f5aff27c1d11e71d25083ddccd9eab8c6d02efa76ee878e4af269d091a69a79ef16642af14d2e5a62aae1ddd5d6f8fabbe79bf6609568ec682fececbb

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 3bcea076a876cded5e50dfee0c076e19
SHA1 58011194af33056a4b5b6e51e547cd9e231489b0
SHA256 4e4ec574000e700ca3e44a2fb24deb288010a72dbce4cb1053cd52acf8f17423
SHA512 56b59a54d0792c4c72b6071377e21a8a001e43f96985d43be1ca7f2e53302f8ea49874f053dae98c15079897b9b32717d3bbb3ae128feb2585bbcac63ff97610

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 c066a66cd873ac63922e2f8156829871
SHA1 690560818324d1e37a1445d8f211754204f83fcc
SHA256 19bed186f4abb02757d7e04cddcd03204baba8937538b9621543438fd6ee09f8
SHA512 912ab02f65cc2aeb41bc790ca0bb5e62e9f32a7525b33dfcb0204fc77f3ae63f030126e247f5daa3faf3cc11897d0a781229bfd8b1f266d4eed244d028726a88

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

MD5 12754a1a85e01b1dd6122cda53ac8ef0
SHA1 ba403883abeb1b47e6413896e73bfd02b5d53142
SHA256 a22221b179807dad4d1630b381866ae9c3f3c79bd88c68a8fa1e5c08c2a19b69
SHA512 118d92e2176a8615749d4de5cd9f7d921b7bf31110d8e741a9f0c40bb47e63071da5ffb615e279bd6799b94271771778d31ca50a74845ef63e74c9bc4a98e568

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 6addf22c9d8920b9e76a6e06dcdf556e
SHA1 a2bf63b99b19655cb3f8a6bd9a19727343346086
SHA256 d2a136dfb08e280992fd276c1819596a876983a2f1619f18b0e40a23acf98eee
SHA512 9d897ee62f871157a593e6f11c54762979de23a4ec5c42d38c8f01493463966c4805fa9d7288cbd6d5b647c9ab09a34300005d57dcfd60b6b5426e96cee12a19

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

MD5 e133929eb807bdf1ca4f85f6f03e3354
SHA1 6e809660c18898766df886f8c310b33501c231f7
SHA256 c0aaf3d06f23a1ebab0710e552f2aed9a16a05ee74fbd8ec8fcafcf7f2f984e1
SHA512 46c8a1d8f17cd6243e59ae7b9c783c458e2bb96576af461d7050dc33f54bec9e4d12e264a12f6a0fe441b90d93f90ab14658f1d2d778fec884cf93fce17229e4

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000090

MD5 425ea56449152994edc50657d836d544
SHA1 5d4f8d8bca58b1826d981bc6efc82ea219e9fa76
SHA256 5224ad20aca4bc3a5f6a3ca050e19e4c734aeb0bbcaf97d97cc155317d1c2c4e
SHA512 5dae5af1dca4ddeec5a3ba34df938317e5bf23d2eb219a52e13da7999e4ca1d0a88b9923f99f4948a9fb5a034e079b52cbec140681ce4ea85ce867ec2d12ed9a

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000093

MD5 e081b27f75b1b6d94ff64843f98955d6
SHA1 3905a36de2d7d3f3d593e401f315b425f09498cd
SHA256 ea0b6f416c439d2ce076f503b265147cbe2f5ab0c96593a15b1d3c0517307c74
SHA512 15edf16a236b11ad4d8659ebdfa7a8e046ddbb4c4303d80a0450d6c2f6922fdcafae954c6ec9b8b1c66e24fd88c582934d144b2988e311b87e5718d676fecded

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000096

MD5 98484d7e63fdd32408c862e6ce7c0801
SHA1 db6ef8532e098b8562f44fc80a04f078a30c6a24
SHA256 1da3635221546996579efc4ef8678fa0588ee75b8c10f075523c419d909aeeb8
SHA512 3a8fbb0b7369d6a8138ed0010aa9cce52e55fe91638af58643def2b4a5c213f5f17aab6ab7cb391b96d16e7c4a60e4d6a9f79ccbaea03adef0d9df46fda430e9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009a

MD5 ecfed48e463db4e31d1691c8af367730
SHA1 7533dabbd7f41ab48213d0b899d715f11f906b57
SHA256 34b41de3f65166440ea2ce40121eb1c9b9c2bb92d188bd32a8e6091cd92316db
SHA512 06b01068867af6263d165519477073d9daa1f0a8bc40690f645e4546963c78ebc0e5ce324dff49c86a2255e4a0f15d4e4761c495e1747cd08c63146a1c46b0dd

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\index-dir\the-real-index

MD5 0e2fd8dabdaa3f5bcef9d921c1f38b8e
SHA1 13fb051841d01002e8a92e9aceaad96771230f5f
SHA256 d4c4af99edf161f2cf35978bc3d2329be4377fe56d1fa4e29064c232d6affe97
SHA512 7cfa700ad9a5f5b685679ed07edc50ae8b2b195276aaac9506df973d900b2f60aa5044b61a4b10ea67f9494e1b5193a3547b3bb6858a2a316a11227a0f18f0e5

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 5be6bb2e63b5df60ae5d7ce86db861be
SHA1 dfda5362346553dcd5e06360a7b7a7b0e874f97f
SHA256 b179576eee3e2b54195ea0e5f8e44a6d3101604af4a1a68131870ebb0728f710
SHA512 e83e3b53a10e5c12d650b190ac633dbc90d490219508a82495f49c607e87eb62558092a9d10ca81a8c5ee03f2741d072ab4bb7397e0fa7e70fc0653844489a69

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 fc61832988d07501dcfddd55694c626b
SHA1 52dfc35b81785eb3f5b88634dad3b02e95df1fe1
SHA256 af94504684e444f5c4f5f7cb3cfb9c7383bd20f784b01a21a8bf16c37ba9ed53
SHA512 a0b1f9a068b7a33eecb494a3ae4f57f9940b355659c8c921edb13f885112b2198c74b4e2eb2eea4c64fe2b1a9227cc9956915822cd019d4aedcfb4861d28a312

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 4cb75006d5a0c7e76f4b872c29179c76
SHA1 e83d1bfad86590ce8415d8783a9d875fecd4fb57
SHA256 7ee471719e6f55c8c14e3004e0df79777ef79aa30431cc2284056a2be0566001
SHA512 1439b1f1c6231f1d7d4d41eaf4d89fe9f39298c3331b137560974dac916093015730427a6f7c1bc8ef113b749ec62b5acf89f49b23f41ebe121e60cd708f5ee9

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\f1cdccba37924bda_0

MD5 a72f262ec1db6815943251c7c7e35856
SHA1 2f95e03fa98df451696adf29d5611bd5d51b604e
SHA256 51f897f2d04f24c48bfc43e3e8a50eb088465fe3885e80a503cb65a843b937a5
SHA512 f5c9a7f90a266dde35e145f42f7820c3a4c3546b984232bd272e9364228e628f45ad487287d96a5614ae7cb27414fcb24bdf074ae97f004940f1a23c2506861f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\4cb013792b196a35_0

MD5 a3c7b2bc0bb40d6ed33582288c50d9a7
SHA1 0c8fb796f722c071b0062a755fe998413f88f051
SHA256 c47bf48745e2a3d9e41997d44124aa64aebaa0b53cb3f70328c93931b8e04829
SHA512 8b1fdb2c881c4036eef647cd89303bf4a5938a3b758002cb0fcf6a54b08501a2b99444a93955d251a89308462027ad7ace0c0f37afc131f9bd50aba952bb0f96

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 7202f4da45cd7aaa544c91e62548f06b
SHA1 b57b253eae048ec6fd7eabda87aece80fcd10862
SHA256 06b291fd605f21c28e2c3d49d731849543b1355d11744d60835f718dd590539c
SHA512 69c26339509acc6f95a69f6d3f3def641bc8bb4c858f68d17677a5db644048ece1f245974f0adcc8017e9fe1d4638851983fd64ba113b935cb4d7fdc9230ab91

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\8336c0d7-af3f-42ed-af77-5b219e7e9778\index-dir\the-real-index

MD5 62e1a14d20ff88348e10cf3bf400bfcd
SHA1 2a2f24fa51f3466c0345031aa5b3e1e30552f06e
SHA256 ce02018539f629e08407941fc7bd424510390c369341cedcf477bcb88f1c0b20
SHA512 021aed92da8cb8f6053f7d40d18ac5a5febb20d64e96c069a10d7d0b889c499c1f9249a7b6ecb1d476b4c1a8de20a5b345bddc07de87fd1f03623d707690d3ae

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 f9e694f3bb65039bc2261c885de69fa3
SHA1 3775f8a9aafeebc7e401ea1afdfe2ece76086c56
SHA256 01f25fb67c74686f0b05e842378a2553238d314c295eb7f7983a4c025d44bfcc
SHA512 5e4110ff780c3271e9a33540ca8fe532f6c190c2e45fd8dd3079887dda1a443f0a2b0a2a7e9c68ec5ff6732a17bc936b6bb5c0d08138e20b8af6d12f8eb0dcd7

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

MD5 bb2cab755ddbf301c9847521961d139b
SHA1 9f5e99c092de1e6d4403a2daeca42eb75774860e
SHA256 436e2f0f4cf9555c2f8a593e05c07fe416707b6a64a2a4be9a931e0a76543be3
SHA512 59fb0dc4f13abda8ee3f512261de2d3a105c12684fa37128e123fb537f495010d75dc624843249be8ce91cc9bc540e489fe9a9732ceaae1c2e585e4b03179a1b

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\07a7ac62-fd31-42d5-b66d-37d0ccb81c80\index-dir\the-real-index

MD5 466e702513e152749d4db3e8d3b616f4
SHA1 a1231f50bb89616586d0ea5759334149c32f80cb
SHA256 4d67cbc88ef555e4c279a5832444a762e122eaebf7cb033b00c3fdc4da55a007
SHA512 0605a2fc74ff4be5a2729b916e01742e19a452abf239d2834e14882509090276cdeb0bc16b5fe1447f3c393a7500921e561f92cf6d2b9fe0b4abd10920b4568d

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\bf07c385b57c6d5793c2917dee23c6c63d5170b7\index.txt

MD5 9ca888de060478fb658f11618bf813e1
SHA1 484d1cdf3e0428bdbbe5e161bc538ea27f2fc112
SHA256 929a750eddbdfae8850abdc99b4bdfb55ebf96fb2f4a07dfe9f0308a476a3e9c
SHA512 00b2297aad406b161533a1dab1cd66908b9e4e90f9cbc1569968b7ae708ffddfb59aaacd8573969f9d26d7746d9d609c34310d34c8e96bbe66fa04c439115e77

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

MD5 2aa6f6c1b25c74decafae996ad7ce837
SHA1 64ebe6c5da007163ede6a57fef9173390eca5d2d
SHA256 bdaafa61c126e5e56af5e53efb08ec3391608dd33b0d986b109a2421d24d9d3d
SHA512 e69e9c080def1bb96678f9a740a59996a67c6026e7f4664a9d0b6de4cc3052b8df53738aaffd2988ddd7b49d4551bb1a10ebce481af13e581c2b5d15f599328e

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 0c272345b0df2ebef9b97156e97eebb2
SHA1 46d03b32695e1466bfa81c3f9930d0f952b0530c
SHA256 2f128c284d28b52a49a33c787797b46365b0b4df5986e86432c9b892ad50c162
SHA512 7b175d97d632decba4710d80b27a07e0735c7bf96bf0ee10223c06303cdf1da7bc039c14a1036a0bd13314e4154650f6f88bce88ef98a93cb727ddbe64400a9f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_surryk12ncus-my.sharepoint.com_0.indexeddb.blob\5\00\2

MD5 5ce64178301021602f3626515b5d13fa
SHA1 0c140922f9bd50a6373d0a58bd22450435d3366b
SHA256 7db186991e3d32d8d38047c05c74db4ea7c71d4b2700dc5141bf8a42171852bb
SHA512 14a31f8479481a9ef7a7a4c6c1c1a38db29eef7cfce7011840bb4ec5f78ec7992f4f44f695931221400e8ef2c397ca2b9f2f36f52a102b21bbdb32963325295f

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

MD5 9f4883efd09a4c9d72b604f2fb709a65
SHA1 24ce09a338a99a110948b33d6e754b52c5cfd122
SHA256 085a8433599bbd369717751158d9ce54c26138bf7f094eb1de57045d2e3b0191
SHA512 6a81f81285aaeb2bdf31137e3f0319d60e017941e79368401fb3bbd83dbd6efc716c42abaa9ad363a1bd48f080af25b55fbc86c18d0fdc304a16dac981b38a39